home.social

#semperis — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #semperis, aggregated by home.social.

  1. ----------------

    🎯 Threat Intelligence
    ===================

    Executive summary
    Reports and industry data indicate a rising trend: some ransomware and extortion campaigns now include explicit threats of physical violence against employees. Public reporting cites FBI statistics and vendor research showing a non-trivial share of recent cases include doxxing and intimidation.

    Technical details
    • FBI reported US incident count rose to 1,008,597 in the most recent year, with aggregate losses of $20.8bn. Historical baseline noted 288,012 incidents in 2015.
    • Vendor research from Semperis claims threats of physical harm were present in ~40% of global ransomware attacks in 2025, and ~46% within US incidents.
    • Case vignettes include: a security negotiator receiving an anonymous threatening package; hospital staff receiving targeted calls containing names, street addresses and SSNs; and adversaries demonstrating control over manufacturing equipment (robots, conveyor belts).
    • Adversary characteristics reported: many financially-motivated groups (not only state-linked actors), with an FBI profile referencing primarily young operators (approx. 17–25). Reports also note use of third parties contracted to carry out threats.

    Analysis
    The dataset presented is largely descriptive. The combination of data theft (personal addresses, SSNs) plus targeted outreach to employees raises the operational profile of extortion campaigns beyond purely digital impact. Demonstrations of control over industrial hardware introduce a direct safety vector that could escalate incidents from business-disruption to bodily-harm risk. The reporting does not provide IoCs, malware family names, CVEs, or ATT&CK IDs.

    Detection
    The source does not publish technical detection signatures or specific IoCs. Public examples imply two observable items: unauthorized access to HR/personal-data stores and exfiltration of employee PII preceding targeted outreach, and anomalous commands/actuations in OT/ICS environments.

    Mitigation
    The article does not supply prescriptive mitigation guidance. Reported responses include negotiation by incident response teams and involvement of security vendors. The reporting notes that attackers may subcontract physical intimidation.

    References
    Primary reporting summarised from public news article and vendor comments cited therein. The source does not list technical artefacts or forensic indicators.

    🔹 #ransomware #doxxing #Semperis #FBI #extortion

    🔗 Source: bbc.com/news/articles/cr71d8vy

  2. Weekly output: wireless-service satisfaction, ransomware survey, Dashlane report, Verizon fee increases, drone policy

    I had one work event on my calendar this week that I don’t think rates as an appearance worth listing here, since I got roped into it at the last minute. I’d put the Internet Law & Policy Foundry’s tech-law trivia contest on my schedule Wednesday thinking it would be fun to watch, but then one of the contestants asked if I’d like to join their team–and we finished in third place. This was one of the first public trivia contests I’d joined since 1987, when I was a member of the high school team that won a New Jersey state championship, and it’s nice to see that I still have it or at least some of it.

    This coming week has me traveling for work for the first time since the middle of June and to an event that first landed on my travel calendar in 2018: I’m headed to Las Vegas for the Black Hat information-security conference. The trip doesn’t include the DEF CON infosec conference that follows Black Hat, and on Patreon I explained why I opted out of that and feel a little guilty about it.

    7/31/2025: People Like Wireless Service Best When It Doesn’t Involve the Big 3 Carriers, PCMag

    The gap between J.D. Power’s customer-satisfaction stats for the big three wireless carriers and that firm’s metrics for companies reselling the networks of AT&T, T-Mobile and Verizon caught my eye.

    8/1/2025: Ransomware Victims Are Still Paying Up, Some More Than Once, PCMag

    This survey published by the security firm Semperis got an unfortunate news peg when the Trump administration rescinded the West Point department-chair appointment of one of the report’s expert contributors, former Cybersecurity & Infrastructure Security Administration head Jen Easterly.

    8/1/2025: This Password Manager Caught Some of Its Own Employees Not Using Its Product, PCMag

    Dashlane’s PR folks offered me this story ahead of time. Since I have always found the fallible-human element of information security to be fascinating, I accepted the offer, and then my editors concurred.

    8/1/2025: Months After Freezing Wireless Rates But Not Fees, Verizon Slips in a Fee Increase, PCMag

    One of my colleagues brought this to my attention, and I was happy to set aside some time Friday morning to cover it.

    8/2/2025: The Drone Industry Can’t Wait for This One Federal Regulation to Take Off, PCMag

    I spent Tuesday and Wednesday at Nationals Park to cover a drone-policy conference hosted there by the trade group AUVSI, but I didn’t get around to writing it until Thursday night.

    #AUVSI #BlackHat #ConsumerCellular #Dashlane #droneDelivery #drones #finePrint #JDPower #junkFees #NationalsPark #NatsPark #passwordManager #ransomware #Semperis #verizon #Vz #wirelessServices
